Commit 23e8411

engine: 29.5.1
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
1 parent ec6d849 commit 23e8411

2 files changed

Lines changed: 28 additions & 2 deletions

content/manuals/engine/release-notes/29.md

Lines changed: 26 additions & 0 deletions
@@ -22,6 +22,32 @@ For more information about:
2222
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
2323
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history/).
2424

25+
## 29.5.1
26+
27+
{{< release-date date="2026-05-18" >}}
28+
29+
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
30+
31+
- [docker/cli, 29.5.1 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A29.5.1)
32+
- [moby/moby, 29.5.1 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A29.5.1)
33+
34+
### Security
35+
36+
This release includes fixes for multiple security vulnerabilities affecting Docker Engine.
37+
38+
- **CVE-2026-41567** Fix a vulnerability in `docker cp` where archive decompression binaries (e.g. `xz`, `unpigz`) were resolved via `PATH` inside the container filesystem while running as host root, allowing a malicious container to execute arbitrary binaries with host root privileges.
39+
[GHSA-x86f-5xw2-fm2r](https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r)
40+
41+
- **CVE-2026-41568** Fix a TOCTOU vulnerability in `docker cp` that allowed a container process to create files or directories at arbitrary locations on the host filesystem.
42+
[GHSA-vp62-88p7-qqf5](https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5)
43+
44+
- **CVE-2026-42306** Fix a TOCTOU vulnerability in `docker cp` that allowed a container process to redirect a bind mount to an arbitrary location on the host filesystem.
45+
[GHSA-rg2x-37c3-w2rh](https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh)
46+
47+
### Networking
48+
49+
- Fix UDP conntrack entries not being deleted when not bound to a specific IP address. [moby/moby#52640](https://github.com/moby/moby/pull/52640)
50+
2551
## 29.5.0
2652

2753
{{< release-date date="2026-05-14" >}}
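Review bot: The two entries at added lines 41 and 44 use "TOCTOU" without expanding it; spell it out on first use (time-of-check to time-of-use) so operators reading the notes to decide on an upgrade do not have to look it up. The three CVE entries also put the advisory link on its own line (39, 42, 45), while the Networking entry at line 49 keeps its PR link inline; pick one form and confirm the advisory links render as part of their list items. Since all three CVEs are in `docker cp`, the intro sentence at line 36 could say so, which tells readers at a glance which workflow is affected.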

hugo.yaml

Lines changed: 2 additions & 2 deletions
@@ -154,10 +154,10 @@ params:
154154
# Latest version of the Docker Engine API
155155
latest_engine_api_version: "1.54"
156156
# Latest version of Docker Engine
157-
docker_ce_version: "29.5.0"
157+
docker_ce_version: "29.5.1"
158158
# Previous version of the Docker Engine
159159
# (Used to show e.g., "latest" and "latest"-1 in engine install examples
160-
docker_ce_version_prev: "29.4.3"
160+
docker_ce_version_prev: "29.5.0"
161161
# Latest Docker Compose version
162162
compose_version: "v5.1.2"
163163
# Latest BuildKit version
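Review bot: `docker_ce_version_prev` at line 160 now points to 29.5.0, the release that the notes in this same commit show being followed by 29.5.1 with three `docker cp` CVE fixes. If the install examples render this value as a version readers can pin, check whether they should be offering a release that lacks those fixes, or whether the "latest"-1 example needs a pointer to the 29.5.1 security notes. Separately, the context comment on line 159 opens a parenthesis that is not closed in the visible lines; worth tidying while this block is being touched.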
